Follow

Web Rules


Welcome to Ecessa Support, we have a variety of technical information and tools for a variety of solutions. If you aren't finding a solution, or would like to talk to a technical support team member, please call 800-669-6242.

See Ecessa's full line of products and solutions

This section allows the user to create web content rules. These rules will be marked as policy violation rules. For each tag specified in the Content section there will be 2 rules created, one for DNS and one for TLS.

To add a new web rule, click the Add Web Rule button on the Basic tab.  The Name is only for reference while the Content is what the rule will match.  For example entering facebook into the Content section would apply to all web traffic that has the word facebook in the URL or TLS exchange.  A single rule can contain multiple strings separated by a comma.

web_rules.png

The Action controls what will happen when traffic matches the Content.  An Alert action will only log the traffic but will not stop it.  A Drop action will silently discard the traffic.  A Reject action has different outcomes depending on the Mode:

- In IDS mode, traffic matching a REJECT rule will cause a TCP/ICMP error to be sent to the source and destination. Records of the traffic can be located in the IDS/IPS log on the Ecessa device.

- In IPS mode, traffic matching a DROP/REJECT rule will be discarded. Connections with traffic matching a DROP/REJECT rule will time out or report an error. Records of the dropped traffic can be located in the IDS/IPS log on the Ecessa device.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.